Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LX4CUQO8qI.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
\Device\Mailslot\slot-3457
|
data
|
dropped
|
||
|
\Device\Mailslot\slot-457
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\LX4CUQO8qI.dll"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\LX4CUQO8qI.dll",#1
|
||
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\LX4CUQO8qI.dll
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\LX4CUQO8qI.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\LX4CUQO8qI.dll,DllGetClassObject
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\LX4CUQO8qI.dll,DllMain
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\LX4CUQO8qI.dll,DllRegisterServer
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
154.82.113.115
|
|
||
|
https://154.82.113.115/
|
unknown
|
||
|
https://154.82.113.115:2003/owa/?wa=FPR-lSl93sxmVlVCOAlZFbF7o1dHykWQXURFaS8Dwbgi6FyenzDlocbqwA4aTXi6
|
unknown
|
||
|
https://154.82.113.115:2003/
|
unknown
|
||
|
https://154.82.113.115:2003/hy
|
unknown
|
||
|
https://154.82.113.115:2003/oft
|
unknown
|
||
|
https://154.82.113.115:2003/owa/?wa=FPR-lSl93sxmVlVCOAlZFbF7o1dHykWQX
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
84.201.210.21
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.82.113.115
|
unknown
|
Seychelles
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
960000
|
direct allocation
|
page execute and read and write
|
|
|
|
1080000
|
heap
|
page execute and read and write
|
|
|
|
32EF000
|
stack
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
4C5F000
|
stack
|
page read and write
|
||
|
3775000
|
heap
|
page read and write
|
||
|
3701000
|
heap
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
3B0C000
|
heap
|
page read and write
|
||
|
13DD000
|
stack
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
418E000
|
stack
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
25EB000
|
stack
|
page read and write
|
||
|
3764000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
37E2000
|
heap
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
283C000
|
stack
|
page read and write
|
||
|
1406000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
999000
|
direct allocation
|
page execute and read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
3ACF000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
3711000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
3ACE000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
36F0000
|
remote allocation
|
page read and write
|
||
|
4290000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
374C000
|
heap
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
3738000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
345C000
|
stack
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
139F000
|
stack
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
A1B000
|
heap
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
2E8B000
|
stack
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
2D5B000
|
stack
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
4A8E000
|
stack
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page execute and read and write
|
||
|
373F000
|
heap
|
page read and write
|
||
|
99B000
|
direct allocation
|
page execute and read and write
|
||
|
D88000
|
heap
|
page read and write
|
||
|
447F000
|
stack
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
37B6000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
3AA1000
|
heap
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
3B0C000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
3AA0000
|
heap
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
284E000
|
stack
|
page read and write
|
||
|
AA7000
|
heap
|
page read and write
|
||
|
129C000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
374E000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
33C000
|
stack
|
page read and write
|
||
|
37E2000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
9A3000
|
direct allocation
|
page execute and read and write
|
||
|
3911000
|
direct allocation
|
page execute and read and write
|
||
|
286A000
|
heap
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
332D000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
995000
|
direct allocation
|
page execute and read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
D82000
|
heap
|
page read and write
|
||
|
3B27000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
69C000
|
stack
|
page read and write
|
||
|
31BA000
|
heap
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
3764000
|
heap
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
3759000
|
heap
|
page read and write
|
||
|
37E2000
|
heap
|
page read and write
|
||
|
10B8000
|
heap
|
page execute and read and write
|
||
|
2FB000
|
stack
|
page read and write
|
||
|
4BDF000
|
stack
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
3910000
|
direct allocation
|
page execute read
|
||
|
3ACD000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
3AA1000
|
heap
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
3ACE000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
43FF000
|
stack
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
65B000
|
stack
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
374C000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
4320000
|
heap
|
page read and write
|
||
|
141C000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
37E2000
|
heap
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
443D000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
36F0000
|
remote allocation
|
page read and write
|
||
|
49CF000
|
stack
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
374E000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
374E000
|
heap
|
page read and write
|
||
|
3752000
|
heap
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
3AE1000
|
heap
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
3738000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
36F0000
|
remote allocation
|
page read and write
|
||
|
3763000
|
heap
|
page read and write
|
||
|
3A9E000
|
stack
|
page read and write
|
||
|
37A3000
|
heap
|
page read and write
|
||
|
2ADA000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
3738000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
9A1000
|
direct allocation
|
page execute and read and write
|
||
|
3AE0000
|
heap
|
page read and write
|
||
|
36DD000
|
stack
|
page read and write
|
There are 192 hidden memdumps, click here to show them.